Executive Summary
The Arbitrum Security Council executed an emergency on‑chain freeze on April 21, locking 30,766 ETH—roughly $70 million—belonging to the KelpDAO exploiter on the Arbitrum One network. The funds were moved to a protocol‑controlled address before the attacker could bridge them back to Ethereum mainnet. Security researcher firm Peckshield had already raised the alarm, allowing the council to act swiftly.
What Happened
On April 21, the Arbitrum Security Council initiated an emergency transaction that immobilized 30,766 ETH held by the individual who exploited KelpDAO. The freeze occurred on the Arbitrum One layer‑2 chain, preventing the attacker from moving the assets to the Ethereum mainnet. Shortly after the freeze, the seized ETH was transferred to an address under the direct control of the Arbitrum protocol, effectively securing the funds.
Background / Context
KelpDAO, a decentralized autonomous organization focused on liquidity provisioning, suffered a breach that allowed an unknown actor to siphon a large amount of ETH. The Arbitrum network, a popular layer‑2 scaling solution for Ethereum, operates a Security Council composed of core developers and community representatives tasked with safeguarding the ecosystem. When the breach was first detected, security‑research firm Peckshield flagged the malicious activity, alerting the council to the imminent risk of a cross‑chain bridge exploit.
Reactions
Members of the Arbitrum Security Council described the freeze as a necessary step to protect the broader ecosystem and to give victims a chance at recovery. Peckshield, which had identified the exploiter’s activity, praised the council’s rapid response, noting that the on‑chain action likely prevented the attacker from cashing out on the mainnet. Community members on Arbitrum’s forums expressed relief, emphasizing that the swift freeze restored confidence in the network’s governance mechanisms.
What It Means
The successful freeze demonstrates the growing power of on‑chain governance tools within layer‑2 ecosystems. By acting directly on the Arbitrum One chain, the council avoided the delays associated with off‑chain legal avenues and limited the attacker’s ability to exploit bridge vulnerabilities. This incident also underscores the importance of proactive security research; Peckshield’s early warning was instrumental in enabling the council’s decisive action.
What Happens Next
With the ETH now under protocol control, the Arbitrum Security Council faces decisions about how to allocate the frozen assets. Options include returning the funds to affected KelpDAO participants, donating them to a community treasury, or using them to fund further security audits. The council has indicated that it will engage with KelpDAO stakeholders and legal advisors before finalizing any distribution plan. Meanwhile, the incident is likely to prompt a review of bridge security protocols across the ecosystem.